Transparent ASA

Maro.Cisco · ‎04-30-2014

Dears,

I would like to implement the below design , and im wondering if its going to be valid.

PC(Access vlan 10)-----------SWITCH(SVI Vlan 10 , Vlan 20)------Trunk-------Bridge group 1-----ASA(Transparent)--Bridge group 1-------Trunk----Switch(SVI vlan 10 , Vlan 20)----------------PC(Vlan20)

I want traffic going from PC vlan 10 to reach PC vlan 20 and at the same time to be inspected by the transparent firewall ASA , i have read in many documents that the 2 interfaces of the firewall should be in different vlan but in my case here i would like to have both interfaces of the ASA as trunk and not to be assigned to a particular vlan , is this doable ??

Thanks

Poonam Garg · ‎04-30-2014

We generally use trunk when we use different subnets and use subinterfaces on ASA. what you are trying to achieve, after all both the vlan you are trying to communicate with should have same subnet.i.e vlan 10 and vlan 20 can not be in different subnet.

Maro.Cisco · ‎05-01-2014

Actually i want both vlans to be in different subnets

Poonam Garg · ‎05-01-2014

A transparent firewall, is a Layer 2 firewall that acts like a "bump in the wire," or a "stealth firewall," and is not seen as a router hop to connected devices. The ASA connects the same network on its inside and outside interfaces.

Each directly connected network must be on the same subnet.

Refer this document.

HTH

"Please rate helpful posts"

WILLIAM STEGMAN · ‎05-01-2014

If you want the vlans to be in 2 different subnets, you wouldn't use a layer 2 firewall. You'd use a layer 3 firewall. With a layer 2 firewall, you break up one subnet into 2 VLANs and access to/from the inside protected network is controlled via a bridged virtual interface configured on the firewall that connects the 2 vlans.

Maro.Cisco · ‎05-01-2014

what if the vlans are in two different subnets